blackmoon | 0819c09975954be69eefe3ab4792da633d11ec9cf959c75230480e1e15c923ad | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0819c09975954be69eefe3ab4792da633d11ec9cf959c75230480e1e15c923ad
Size

2.2MB
MD5

a49f4f423c7b4e7f4a9a4829985ab02d
SHA1

ed832b1da0249754ff4426cc7a5cbf100d48565e
SHA256

0819c09975954be69eefe3ab4792da633d11ec9cf959c75230480e1e15c923ad
SHA512

731eaaee3428d6d58b1709f2f59431205e3893065dbba0795cf0b26d2ef14889e9c3bf48dda5b625917efb6cdd8e225b09d55fd42a7492bf1868afaffe715558
SSDEEP

24576:n45OdMEUmzzBAFx0iRZ8cSPdduVz4AnK9a1womrtzuhqIU3plP/aMbpn0L9v5KgJ:KEUhFx0NlVKsl0/4ialhm23aJJzy2Jfr

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0819c09975954be69eefe3ab4792da633d11ec9cf959c75230480e1e15c923ad

Files

0819c09975954be69eefe3ab4792da633d11ec9cf959c75230480e1e15c923ad
.exe windows:4 windows x86

9ab46ec246c74ed97212dc7f8ee76d7a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
GetEnvironmentVariableW
SetPriorityClass
GetCurrentProcess
GetCurrentThread
SetThreadPriority
ExitProcess
MultiByteToWideChar
GetProcessHeap
GetModuleHandleA
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetTickCount
GetModuleFileNameA
CloseHandle
WriteFile
CreateFileA
WaitForSingleObject
CreateProcessA
GetStartupInfoA
SetFileAttributesA
FreeLibrary
GetProcAddress
LoadLibraryA
LCMapStringA

shell32

SHChangeNotify
ShellExecuteExW

msvcrt

??3@YAXPAX@Z
memmove
__CxxFrameHandler
srand
rand
atoi
_ftol
strchr
malloc
strncmp
free

user32

wsprintfA
MessageBoxA

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ